US20110035591A1 - Enterprise instant message aggregator - Google Patents

Publication number
US20110035591A1
Authority
US
United States
Prior art keywords
enterprise
service
mobile station
mobile
communication network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US12/907,466
Other versions
US8032165B2 (en
Inventor
Thaddeus Jude DUDZIAK
Biren Patel
Jerry Kupsh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cellco Partnership
Original Assignee
Cellco Partnership
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cellco Partnership
Priority to US12/907,466
Publication of US20110035591A1
Application granted
Publication of US8032165B2
Assigned to CELLCO PARTNERSHIP (D/B/A VERIZON WIRELESS): ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DUDZIAK, THADDEUS JUDE, KUPSH, JERRY, PATEL, BIREN
Assigned to CELLCO PARTNERSHIP D/B/A VERIZON WIRELESS: NUNC PRO TUNC ASSIGNMENT (SEE DOCUMENT FOR DETAILS). Assignors: DUDZIAK, THADDEUS JUDE, KUPSH, JERRY, PATEL, BIREN
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • IM service was offered as a text messaging service between users' computers connected to the Internet.
  • wireless mobile devices such as cellular telephones, wireless email devices and personal digital assistants (PDAs).
  • PDAs personal digital assistants
  • U.S. Pat. No. 7,120,455 to Chen et al. discloses a technique for mobile instant messaging, particularly adapted to provide interfaces to a number of different IM systems or communities.
  • these communities are those served by commercial IM providers, such as AIM, MSN, Yahoo IM or the like.
  • the enterprise IM service aggregator may also offer a ‘KILL’ feature, by which an enterprise can direct the aggregator to terminate service to a particular mobile station, e.g. upon determination that the station has been stolen.
  • the ‘KILL’ function causes the network to disable the service on the mobile station, and in the example, this function causes the aggregator to send a message through the network to the stolen mobile station instructing that station to delete all stored IM messages and/or any IM service credentials that have been stored in the mobile station.
  • FIG. 2 is a signal flow diagram illustrating a procedure for establishing and conducting an enterprise IM session through the aggregator.
  • FIG. 3 is a signal flow diagram illustrating a self-provisioning of a mobile station, for enterprise IM communication through the aggregator.
  • enterprise IM is the delivery of text or other media messages between two enterprise users in near-real time.
  • users typically will be restricted to the same enterprise community and in general will not have access to commercial IM communities for business related IM.
  • a wireless network operator/carrier or other service provider will provide a mechanism/service/procedure to extend the IM communications to wireless devices and provide the requisite security for enterprise IM communications to/from the wireless devices.
  • the SMS message will also provide an instruction to the IM application to erase all messages and user credentials stored within that mobile station 15.
  • the service control 27 will also notify the provisioning system(s) 47 to deactivate service to the mobile station 15, for example, by deleting any associated profile data from the authorization system 41 and/or by sending another message to the mobile station 15 to delete any provisioning data for at least the IM service, which may be stored in the mobile station itself.
  • It may be helpful at this point to consider an example (FIG. 2) of a call or signal flow, as an example of the processing of an IM communication session facilitated through the aggregator 21.
  • the login request message communication would involve one or more packet transmissions through the carrier's WDN network 13, possibly the gateway 19 (if the mobile station is a BREW device) to one of the gateways 31, 33 in the aggregator 21, which in turn forwards the message packet(s) to the service control 27.
  • the authorization query identifies the mobile station by its MDN and includes a feature code essentially to identify the EIM service that the user is attempting to access.
  • the carrier's service/feature authorization element uses the MDN to look-up a service profile for the particular mobile station 15 or 17, and it uses the feature code to determine whether or not the profile shows that the particular mobile station is authorized to access the EIM service via the network 10 (step S3).
  • This authorization check may involve checking of a number of other parameters.
  • the authorization element can check the domain portion of the user name/email address to confirm that the domain corresponds to an enterprise that subscribes to the EIM service for mobile stations through the network 10.
  • the authorization element can also check that the particular user is authorized for the EIM service based on the combination of username and password.
  • the authentication query sent to the enterprise IM server 37 in step S5 is encrypted.
  • the service control 27 in the aggregator has previously received a public encryption key from the enterprise IM server 37.
  • the example uses Advanced Encryption Standard (AES) encryption or Triple Data Encryption Algorithm (3DES or TDES) encryption.
  • AES Advanced Encryption Standard
  • 3DES Triple Data Encryption Algorithm
  • the service control 27 in the aggregator uses the AES or 3DES public key of the enterprise IM server 37 to encrypt the authentication query.
  • Each enterprise will provide its public key (and possibly identify the particular encryption algorithm) when the enterprise signs-up with the carrier for the EIM service through the network 10 .
  • the keys may be changed from time to time, in which case the respective enterprise server will provide an updated public key to the carrier, for use by the aggregator 21.
  • When the device client was initially activated (prior to sending the login request at S1), that client was generic to data service through the carrier's network 10. However, based on the response at S8, the device client becomes a specific client program for EIM service through the network with the particular enterprise server, in this example, the server 37. Hence, at step S9 the device client causes the mobile station to form a login request for the particular IM server 37.
  • This request contains the username and a password.
  • the password may be the same as at S1 (for network validation) or a second password for enterprise validation.
  • the enterprise login request message also contains an AES key, which is generated by the device client.
  • the mobile station encrypts the enterprise login request message using the RSA public key of the aggregator 21.
  • the user of the mobile station enters text or other information for an IM message, and the device client encrypts that information using the AES key.
  • the mobile station sends the AES encrypted IM payload through the network 10 to the IM server 37.
  • the network 10, including the aggregator 21, is transparent to this message. Although the message is routed through the aggregator, for security, the aggregator 21 does not decrypt the message.
  • the IM server 37 at the enterprise passes the IM payload to the appropriate device client in the enterprise community (step S14).
  • the server may decrypt the payload before communication to the device client, or the server may pass the payload on in encrypted form for decryption by the device client.
  • the device client of the receiving party processes the message and presents the IM message to the user at the receiving end, in a normal manner.
  • the user inputs appropriate information, and the device client causes the mobile station to initiate a service request transmission in step S26, which the aggregator 21 routes to the carrier's provisioning gateway (gateway 45 in FIG. 1) in step S27.
  • the gateway provides an interface to other provisioning element(s) 47 for interaction with the user (S28) to activate the service with respect to the user and the user's mobile station.
  • the provisioning system may enter the EIM feature code in the user/mobile station profile in the element 41 performing the carrier's service/feature authorization. Provisioning data also may be downloaded into the mobile station.
  • the gateway sends a message indicating successful completion back to the aggregator in step S29, and the aggregator 21 routes that message through to the device client on the user's mobile station in step S30.
  • GSM Global System for Mobile

Abstract

A disclosed enterprise instant messaging (IM) service aggregator enables validation of mobile stations and/or users for enterprise IM service through a wireless communication network; and in the examples, the enterprise IM service provides a secure messaging environment that allows IM traffic to/from wireless mobile stations. The security offered may be unique to and controlled by each enterprise, for example, by enabling each enterprise to generate its own encryption key for distribution through the aggregator and by allowing mobile stations to generate their own keys for distribution back through the aggregator to the enterprise IM servers. As disclosed, the login credentials are encrypted from the mobile station to the enterprise IM server. The use of standard encryption methods within the call flows allows a simple method of ensuring that only authorized users can access the enterprise servers and that the messages will be encrypted by the strongest possible means.

Description

  • TECHNICAL FIELD
  • The present disclosure relates to techniques and equipment to aggregate enterprise instant message traffic for wireless client devices.
  • BACKGROUND
  • Instant Messaging (IM) is the delivery of text or other media messages between two users in near-real time. IM allows a user to maintain a buddy or contact list, listing people with whom the user might exchange instant messages. The user selects a person from the list that is currently logged-in with respect to the IM service and establishes a data communication session with a remote device being used by the selected person. In a personal computer type implementation, the IM software on the user's device opens a window on the computer display. Typically, the window includes two parts, each of which provides a slightly different functionality. One part of the window allows the user to type messages for transmission to the remote user device, whereas the other part receives messages from the remote user device and displays those messages to this user. The remote user's device will provide similar input and display functions, and in this way, both users can read what the other has typed.
  • Originally, IM service was offered as a text messaging service between users' computers connected to the Internet. However, as the popularity of IM services grew, the IM service offerings were extended to users of wireless mobile devices, such as cellular telephones, wireless email devices and personal digital assistants (PDAs). U.S. Pat. No. 7,120,455 to Chen et al., for example, discloses a technique for mobile instant messaging, particularly adapted to provide interfaces to a number of different IM systems or communities. However, these communities are those served by commercial IM providers, such as AIM, MSN, Yahoo IM or the like.
  • Much of the IM traffic today is between individual users/customers, for example, to permit chat between friends and family members. However, enterprises have found that the real time text communication offered by IM services also provides a valuable collaborative tool between enterprise personnel, in the context of a wide range of commercial, educational and governmental activities. IM services typically involve text communication; but increasingly, such communications can communicate a variety of other types of information media, such as voice, images and video in near real time, both in private IM services and enterprise IM services. Hence, enterprise IM typically entails the delivery of text or other media messages between two enterprise users in near-real time.
  • Use of IM by enterprise personnel, however, raises a number of unique concerns. The overriding concern is security. Many of the IM messages between enterprise personnel may contain highly confidential information of the enterprise, and the enterprise has an attendant need to prevent misdirection or interception of the messages.
  • US application publication no. 2003/0204741 to Schoen et al. proposed a secure public key infrastructure type proxy for instant messaging clients. The publication describes an encryption technique. Although the publication recognizes the need of businesses and government entities for security, the encryption is apparently implemented in a non-corporate environment utilizing commercial IM services. For example, the publication suggests public key infrastructure proxies may be implemented on the IM servers and client devices themselves. There is no mention of how the IM service would be extended securely into the wireless domain, that is to say to wireless mobile client devices.
  • In actual practice, enterprise IM services have been deployed using one of two approaches. One approach is for the Enterprise IT policy to allow the use of commercial IM services such as Yahoo, AIM and MSN. These services are readily available but do not have secure messaging capability.
  • The other, more secure approach used to date in actual deployments implements the enterprise IM service within the enterprise environment, from desktop to desktop. IM traffic can be readily sent within existing messaging environments such as IBM Lotus Instant Messaging (Sametime) and Microsoft Office Live Communications Server (LCS). These messaging environments only support IM within their platform or community and do not extend IM onto other messaging environments including commercial IM services such as Yahoo, America On-Line IM and MSN communities. Security includes encryption of user credentials (user name and password), message content and logging of conversations. Also, in these secure enterprise IM environments, the IM messages are prohibited from going to or coming from a wireless device.
  • Hence, there is a need for a technique to extend secure IM service for an enterprise to wireless devices that may participate in IM sessions via a public mobile or wireless communication network. Clearly, the security for the enterprise IM message needs to be extended to the wireless device, including through the wireless network that provides communications with the wireless/mobile device.
  • SUMMARY
  • An aggregator in a wireless communication network aggregates IM traffic for a number of enterprise IM communities and aggregates IM traffic with respect to mobile stations of users associated with each of those enterprise IM communities. The aggregator facilitates security on the IM communications with the mobile station.
  • The enterprise IM service aggregator in the detailed examples below provides a mechanism to validate mobile stations and/or mobile station users for the service through the wireless communication network. In the examples, the enterprise IM service provides a secure messaging environment that allows IM traffic to/from a wireless mobile station. The security offered may be unique to and controlled by each enterprise, for example, by enabling each enterprise to generate its own encryption key for distribution through the aggregator and/or by allowing mobile stations to generate their own keys for distribution back through the aggregator to the enterprise IM servers. Also, the key exchanges are encrypted. For example, the Login Credentials are encrypted from the mobile station to the enterprise IM server. The use of standard encryption methods within the call flows allows a simple method of ensuring that only authorized users can access the enterprise servers and that the messages will be encrypted by the strongest possible means. The messages cannot be decrypted unless the keys are previously known. This ensures that anyone that attempts to access the messages from the wireless environment cannot decrypt the messages or the login credentials of the enterprise community.
  • The examples disclosed below also facilitate provisioning of a mobile station for use of the enterprise IM service through the wireless communication network, e.g. when the aggregator determines that a mobile station or user are not yet authorized for the service.
  • The enterprise IM service aggregator may also offer a ‘KILL’ feature, by which an enterprise can direct the aggregator to terminate service to a particular mobile station, e.g. upon determination that the station has been stolen. The ‘KILL’ function causes the network to disable the service on the mobile station, and in the example, this function causes the aggregator to send a message through the network to the stolen mobile station instructing that station to delete all stored IM messages and/or any IM service credentials that have been stored in the mobile station.
  • Additional advantages and novel features will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following and the accompanying drawings or may be learned by production or operation of the examples. The advantages of the present teachings may be realized and attained by practice or use of the methodologies, instrumentalities and combinations particularly pointed out in the appended claims.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The drawing figures depict one or more implementations in accord with the present teachings, by way of example only, not by way of limitation. In the figures, like reference numerals refer to the same or similar elements.
  • FIG. 1 is a high level functional block diagram of a wireless carrier's network that may offer the secure instant messaging service through an aggregator, to a number of the carrier's enterprise customers.
  • FIG. 2 is a signal flow diagram illustrating a procedure for establishing and conducting an enterprise IM session through the aggregator.
  • FIG. 3 is a signal flow diagram illustrating a self-provisioning of a mobile station, for enterprise IM communication through the aggregator.
  • DETAILED DESCRIPTION
  • In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant teachings. However, it should be apparent to those skilled in the art that the present teachings may be practiced without such details. In other instances, well known methods, procedures, components, and circuitry have been described at a relatively high-level, without detail, in order to avoid unnecessarily obscuring aspects of the present teachings.
  • For purposes of the detailed description here, enterprise IM is the delivery of text or other media messages between two enterprise users in near-real time. For enterprise security, users typically will be restricted to the same enterprise community and in general will not have access to commercial IM communities for business related IM. However, a wireless network operator/carrier or other service provider will provide a mechanism/service/procedure to extend the IM communications to wireless devices and provide the requisite security for enterprise IM communications to/from the wireless devices.
  • The Enterprise Instant Messaging (EIM) service is deployed in a public wireless telecom network, and the network operator or carrier offers the service to its enterprise customer base. The carrier-centric deployment model uses an Instant Messaging aggregator, to aggregate connections from various enterprises. The EIM service, using the traffic aggregator, provides secure IM to mobile stations using a combination of encryption and trusted connection of service elements. The aggregator provides a single interface to the wireless telecom network. The aggregator provides a means of allowing IM traffic from an enterprise secure server environment to wireless devices, such as mobile handsets and PDAs. The enterprise server environment will reside in a single or multiple locations and is often referred to as a community. The aggregator provides all the necessary protocol conversations to allow IM traffic between an IM community server and a wireless mobile station. These protocols are those that are native to both the wireless handset and the enterprise IM community server. The aggregator also provides all the necessary protocols to the wireless network. The aggregator also provides all the necessary routing of IM traffic to the authenticated wireless device user.
  • The aggregator also provides other features necessary to meet the requirements of each enterprise customer's IT policy and wireless network, such as one or more of the following:
      • Secure login into the IM server environment
      • Secure processing of all user login and IM server information to setup the traffic path
      • Secure transmission of the IM payload between the wireless device and the IM server using standard encryption methods
      • Secure access to the IM service by authenticating the user first to the wireless network and second to the IM server
      • Administrative functions such as white list/black list of users and handset “kill” function to disable the service on the mobile station
      • Provisioning of the service on the wireless network.
  • With that overview of the exemplary Enterprise Instant Messaging (EIM) service, it may be helpful now to consider a possible implementation example in more detail with reference to the accompanying drawings.
  • FIG. 1 is a functional block diagram, illustrating elements of a wireless carrier's network 10 that may offer the EIM service to a number of the carrier's enterprise customers and illustrating some of the enterprise customer equipment. At a high level, the carrier's network 10 includes a wireless data network (WDN) 13 for providing mobile wireless communications services to any number of mobile stations. Although the WDN 13 allows the carrier to offer services to individual customers (whose devices are omitted for convenience), for purposes of this discussion, the WDN network 13 provides wireless communication service to mobile stations of personnel of one or more enterprise customers. In the drawing, the mobile stations of the enterprise personnel are represented by the mobile stations 15 and 17.
  • The WDN 13 may be any of a number of currently available public wireless/mobile communication networks, which often offer various combinations of voice telephone services and packet-data communications services. For example, the WDN 13 might be implemented as a network conforming to the IS-95 standard, the 3rd Generation Partnership Project 2 (3GPP2) wireless IP network standard or the Evolution Data Optimized (EVDO) standard, the Global System for Mobile (GSM) communication standard, a time division multiple access (TDMA) standard or other standards used for public mobile wireless communications that offer the packet data transport used for instant messaging. The mobile stations 15 and 17 may be capable of conventional voice telephone communications. However, for EIM, the mobile stations 15 and 17 have IP packet data communication capabilities, and the WDN network 13 provides wireless IP packet communications to and from each of the mobile stations 15 and 17. A variety of different types of mobile stations supporting such communications are widely available. Those skilled in the art should be familiar with the general structure and operation, both of the mobile stations and the wireless networks, therefore more detailed description thereof should be unnecessary here.
  • Mobile station 15 is a BREW device, that is to say a mobile station device that utilizes Qualcomm's Binary Runtime Environment for Wireless operating system. BREW can be considered an environment that allows general purpose applications to be written for mobile stations. Such applications are easily installed in the mobile stations, including via wireless download through the WDN network 13. Of note for purposes of this discussion, the mobile station 15 of the enterprise employee will have a BREW compatible application loaded therein to configure the device 15 to perform the functions and provide the appropriate user interface for instant message type communications.
  • In the example, the carrier normally supplies BREW type mobile telephone devices like the mobile station 15 to its regular telephone service subscribers. The WDN network 13 provides telephone and packet data service, including packet data service in support of IM. The carrier also operates or provides access to a gateway server 19 to support IM type services for its regular subscribers. This gateway 19 is the primary instant messaging interface for BREW devices through the network 13. The IM gateway 19 provides the IM protocols necessary to provide IM services to BREW devices. It can be a separate service provider or it can be part of the aggregator. Putting it outside the aggregator function as in the example illustrates and highlights a protocol conversation function of the aggregator.
  • Mobile station 17 is a non-BREW device, that is to say a device that utilizes an operating system other than BREW, although such operating systems often allow general purpose applications to be written for the device in a manner somewhat similar to BREW. These devices include PDAs, smartphones, and other mobile computing devices that perform the same functions as a desktop or laptop computer but that still may use the WDN network 13 for packet data communications. As discussed more below, the carrier provides enterprise IM service to/from the mobile stations 17, as well.
  • To provide the secure EIM service, the carrier network 10 includes an enterprise instant message (EIM) aggregator 21, to aggregate connections from various enterprises 23, 25 that obtain IM service from the particular carrier or service provider that operates network 10. The EIM service, using the traffic aggregator 21, provides secure IM to mobile stations 15, 17 that have been designated as members of an enterprise community, e.g. of enterprise community 23. The aggregator 21 includes a Service Control server 27. The Service Control server 27 performs all the necessary functions relating to login and message encryption, protocol conversion and control of access to the EIM service. The Service Control server 27 may be implemented on a general purpose computer having packet switched data communication capabilities and/or by a combination of a router and a programmable control/processor, configured to implement the control and security functions outlined below.
  • Each enterprise will operate its own systems to provide various communications, including secure IM, within its own respective domain or premises. Each IM community typically is comprised of an Instant Messaging Server and numerous IM clients that are resident on a variety of computing and local wireless devices. These devices include desktop computers and workstations, laptop computers, Personal Digital Assistants (PDAs), and mobile/handheld computers. The aggregator 21 allows the extension of the IM community to cell phones and PDAs as well as other wireless computing devices, represented by the mobile stations 15 and 17.
  • Consider the community 23 by way of an example. There, users in the enterprise IM community will have various client devices, represented generically by the desktop computers 31 and 33 and the laptop computer 35. The enterprise will provide packet data communications to/from these and other data devices within the enterprise premises, using any desirable wired or wireless communication technologies. For IM communications, the enterprise will also operate its own IM server 37. The IM server 37 provides user/device authentication and encryption key management for security. Presence information indicating which enterprise users are currently on-line for the IM communications typically is exchanged via the IM server 37. The IM server 37 typically participates in the IM message exchange between IM client devices 31, 33, 35, although it is possible that some implementations might utilize a peer-to-peer communication for the actual message exchanges.
  • The aggregator 21 includes a number of gateway servers. The gateway servers, 29, 31 and 33 may be implemented on appropriate routers and/or computers having packet switched routing capabilities and sufficient intelligence to implement associated security functions, such as firewall and/or proxy functions as outlined below. Connectivity to the gateway servers in the aggregator 21 can be made using a Secure VPN or a Private Line. Each of these gateway servers provides a high level of security in and of itself. A secure VPN establishes a connection over the Internet. The Internet connection is not considered secure by itself. Establishing a VPN ensures a secure connection between the aggregator and the other server. The use of a private line makes use of a dedicated connection from the aggregator to the other server. Common implementations of private lines include T1 and Fast or Gigabit Ethernet.
  • In the example, a gateway server 29 provides the VPN interface to the enterprises 23, 25. For example, there is a secure VPN link between the IM server 37 of the enterprise community 23 and the gateway server 29. The gateway server 29 implements proxy and firewall functions, to protect the aggregator 21 and the network 10 from any malicious traffic that otherwise might enter from the enterprise community 23 or from any of the enterprise communities 25.
  • Another gateway server 31 provides the secure interface for IM communications that pass through the IM gateway 19 for BREW Devices. In the example, the link between the gateways 19 and 31 uses the Wireless Village Client Server Protocol (CSP) IP over a secure VPN or private line. If the carrier's WDN network 13 supports non-BREW devices 17, then the aggregator 21 includes a gateway server 33 having a secure VPN or private line type link with the WDN 13 for IP traffic to/from such mobile stations 17. The gateway servers 31, 33 provide messaging protocol translation from the Service Control server 27 to servers outside the aggregator 21. Each gateway server 31, 33 implements a firewall functionality, to protect the aggregator 21 from potentially harmful or disruptive traffic that might otherwise enter via the respective interface.
  • The aggregator 21 can be thought of as the “traffic cop” for the service, as it is the focal point for all the necessary service functions. The aggregator 21 implements a secure environment so that the wireless device 15 or 17 can provide an IM capability within the enterprise community, that is to say in the one community 23 with which the particular mobile station(s) 15 or 17 is affiliated. The service control element 27 performs these and related functions. The gateways 29, 31 and 33 provide the secure interfaces to the various messaging paths. The list of functions of the Service Control 27 may include:
      • Secure Service Login
      • Encrypted Login Credentials
      • Encrypted Message Payload
      • Service Provisioning
      • Protocol Conversion
      • Handset Service KILL function
      • Service Notifications
  • To control service and/or features that the network 10 may provide to the various customers of the carrier, the network will typically include one or more systems for validating the mobile stations and/or their users to receive specific services or access specific features. Hence, in the example, the network 10 includes a system 41 for service/feature authorization. The service feature authorization may be implemented in association with authentication and accounting functions, for example, in the form of a AAA (Authentication, Authorization and Accounting) server, in association with billing functions implemented by EDR (Electronic Data Reporting) or the like, or in a number of other forms commonly found in wireless networks. Of note for purposes of the present discussion, the service control 27 in the EIM aggregator 21 will interact with the authorization system 41 as necessary, to determine that each mobile device 15 or 17 is authorized to use the EIM service, each time that a user of either station requests access to an enterprise for IM communication.
  • The carrier that provides services through the network 10 also operates its own system or systems 43 for provisioning the network elements and/or mobile stations of its customers for mobile station operation through the network 10. For example, when a new mobile station is activated, the provisioning system 43 typically loads some necessary information or programming into the mobile station, such as its assigned mobile directory number (MDN), and the provisioning system 43 loads an appropriate service profile record into the system 41 that will control service/feature authorization for that device, essentially to authorize the new mobile station to access particular network services and features. The example shows a provisioning gateway 45 and one or more other service provisioning systems 47. The provisioning gateway 45 provides a web interface or the like at which a user of a mobile station 15 or 17 can interact with the provisioning system(s) 47, to provision selected services or features offered to the mobile stations via the WDN network 13. Of note for purposes of the present discussion, the service control 27 in the EIM aggregator 21 may instruct the user to access the provisioning systems 43, e.g. via the provisioning gateway 45, as part of the initial set-up of mobile devices 15, 17 for the EIM service.
  • In general, the features of the EIM service may include:
      • Secure Service Login to the Enterprise and the wireless network
      • Validation of the handset to the wireless network to avoid spoofing from unauthorized handsets
      • Encrypted Log In Credentials to the Enterprise community
      • Encrypted Message Payload from the wireless handset to the Enterprise community: End-to-end encryption
      • Service Provisioning in the wireless network
      • Protocol Conversions between the wireless handset and the Enterprise community
      • Handset Service KILL functions to remove all messages and credentials that are on the handset if the handset should be lost or stolen
      • Service Notifications from the aggregator to the wireless handset that inform the user of significant service notices
  • One of the features of the EIM service, as outlined above, is the Service KILL function. This function utilizes wireless network short message service (SMS) wake up to erase all messages and user credentials if the enterprise directs the carrier to terminate service to a particular mobile station, e.g. if a handset should be lost or stolen. Essentially, personnel of the enterprise will cause the IM server 37 to send a KILL message to the service control 27 in the aggregator 21 identifying the stolen mobile station. Assume for this discussion that the stolen mobile station is station 15. The KILL message identifies the particular mobile station 15, and in response, the service control 27 will transmit a SMS type message through the WDN network 13 to that mobile station 15 instructing the station to wake-up the IM application on that station. The SMS message will also provide an instruction to the IM application to erase all messages and user credentials stored within that mobile station 15. The service control 27 will also notify the provisioning system(s) 47 to deactivate service to the mobile station 15, for example, by deleting any associated profile data from the authorization system 41 and/or by sending another message to the mobile station 15 to delete any provisioning data for at least the IM service, which may be stored in the mobile station itself.
  • It may be helpful at this point to consider an example (FIG. 2) of a call or signal flow, as an example of the processing of an IM communication session facilitated through the aggregator 21.
  • The example of an EIM communication begins after the user has activated the appropriate IM communication client application on the user's mobile station 15 or 17. The device client application provides an appropriate display, and in response, the user inputs the user's email address and password into the client application. The email address is used as a username in this example. In response to the user input, the device client sends a log-in request to the aggregator 21 (at step S1). The client application enables the mobile station to address this initial request message to the aggregator 21. Although not separately shown in the call flow diagram, the login request message communication would involve one or more packet transmissions through the carrier's WDN network 13, possibly the gateway 19 (if the mobile station is a BREW device) to one of the gateways 31, 33 in the aggregator 21, which in turn forwards the message packet(s) to the service control 27.
  • The aggregator will validate the wireless handset to ensure that the handset accessing the service is authorized to do so. The request message from the device client will include information about the mobile station as well as the user, for example, the mobile directory number (MDN) assigned to the particular mobile station 15 or 17 as well as the username (email address). Typically, this message also includes the password entered by the user. To perform the validation, the service control 27 uses information from the login request to formulate an authorization query, essentially a request to determine if the user's mobile station is authorized for the EIM service through the carrier's network 10. At step S2, the service control 27 in the aggregator sends this authorization query to the element 41 that performs the carrier's service authorization function. The element may be an AAA server, an EDR unit in the billing center or other designated system.
  • The authorization query identifies the mobile station by its MDN and includes a feature code essentially to identify the EIM service that the user is attempting to access. The carrier's service/feature authorization element uses the MDN to look-up a service profile for the particular mobile station 15 or 17, and it uses the feature code to determine whether or not the profile shows that the particular mobile station is authorized to access the EIM service via the network 10 (step S3). This authorization check may involve checking of a number of other parameters. The authorization element can check the domain portion of the user name/email address to confirm that the domain corresponds to an enterprise that subscribes to the EIM service for mobile stations through the network 10. The authorization element can also check that the particular user is authorized for the EIM service based on the combination of username and password. In this example, we will assume that validation at S3 is successful. For example, the user's mobile station is authorized to use the EIM service, the domain name portion of the username (email address) is that of an enterprise community served by the aggregator 21, and the username/password identify a valid user of the EIM service.
  • Based on the result of the authorization determination at S3, the carrier's service/feature authorization element will respond to the initial query message (from step S2). In this example, since the mobile station is authorized to use the EIM service, the authorization element sends back a message (at S4) informing the service control 27 in the aggregator 21 that the MDN (and thus the particular mobile station) is provisioned for the EIM service. This may also effectively confirm that the domain is that of a valid EIM enterprise and that the particular user is authorized for service through the network (entered a valid password associated with the username).
  • As noted above, the initial login request at S1 included the username, which is the user's email address. The email address includes a domain name following the @ symbol, which corresponds to the enterprise community to which the user is attempting EIM access. Based on that domain name, the service control 27 in the aggregator can determine the address for the messaging server of the particular enterprise, such as the server 37 of the enterprise community 23 in the example of FIG. 1. Using that address, the service control 27 in the aggregator responds to the determination that the mobile station is provisioned through the network for the EIM service by launching an authentication query (step S5) through the gateway 29 to the appropriate enterprise server (server 37 in our example), requesting that the particular IM server authenticate the user for IM communications with the associated IM community 23.
  • The authentication query sent to the enterprise IM server 37 in step S5 is encrypted. In the example, the service control 27 in the aggregator has previously received a public encryption key from the enterprise IM server 37. The example uses Advanced Encryption Standard (AES) encryption or Triple Data Encryption Algorithm (3DES or TDES) encryption. Hence, the service control 27 in the aggregator uses the AES or 3DES public key of the enterprise IM server 37 to encrypt the authentication query. Each enterprise will provide its public key (and possibly identify the particular encryption algorithm) when the enterprise signs-up with the carrier for the EIM service through the network 10. The keys may be changed from time to time, in which case the respective enterprise server will provide an updated public key to the carrier, for use by the aggregator 21.
  • The encrypted authentication query contains the username. The enterprise IM server 37 uses its AES or 3DES private key to decrypt the query and recover the username. The enterprise IM server 37 then checks its database of user information to check the validity of the received username (step S6). In the example, we have assumed that the username is valid, therefore the validity check at S6 is successful; and at S7, the enterprise IM server 37 sends back a response message indicating the successful validation of the username.
  • In response to receipt of the message indicating the successful validation of the username, the service control 27 now sends back (S8) its response to the initial login request (its response to the request it received at S1). The response message goes back through the gateway and the WDN network 13 to the device client application running in the user's mobile station 15 or 17. The message indicates successful completion of the request processing through the network 10. The service control 27 also supplies the RSA (Rivest, Shamir and Adleman) public encryption key of the aggregator 21 to the device client in the mobile station, as part of the response message sent in step S8.
  • When the device client was initially activated (prior to sending the login request at S1), that client was generic to data service through the carrier's network 10. However, based on the response at S8, the device client becomes a specific client program for EIM service through the network with the particular enterprise server, in this example, the server 37. Hence, at step S9 the device client causes the mobile station to form a login request for the particular IM server 37. This request contains the username and a password. The password may be the same as at S1 (for network validation) or a second password for enterprise validation. The enterprise login request message also contains an AES key, which is generated by the device client. The mobile station encrypts the enterprise login request message using the RSA public key of the aggregator 21. At step S9, the mobile station sends the encrypted enterprise login request message through the network 10 to the IM server 37 of the enterprise community. The aggregator 21 provides routing, via the appropriate gateways, however, the aggregator passes the message through transparently, e.g. without decrypting the message.
  • The carrier will have supplied the matching RSA private key of the aggregator to the enterprises that subscribe to the EIM service. Hence, the enterprise IM server 37 will use that key to decrypt the login request that it receives in step S9. In this way, the enterprise IM server 37 will recover the username and password, and it can validate the password for the respective username (step S10) based on its own internal user profile records. In the example, it is assumed that this validation also is successful. Hence, the server at the enterprise responds with a message (S11) indicating successful authentication, which it encrypts using the AES encryption algorithm and sends back to the aggregator 21 for forwarding (S12) to the device client in the mobile station 15 or 17. Although shown as two separate steps (S11 and S12), the routing through the aggregator 21 actually may be considered as a single step (like that of S9) since the aggregator passes the response message through transparently, e.g. without decrypting the message.
  • The user of the mobile station can now initiate an IM communication with another member of the enterprise IM community. The enterprise IM server 37 supports session set-up between users in a conventional fashion. The other client participating in the IM session may be a device within the enterprise domain, e.g. at one of the devices 31-35, or the other client may be another mobile station that is on-line (has successfully completed the login procedure as outlined above). Actual IM communication may subsequently ensue. Steps representing a single two-way exchange of messages with a party at the enterprise are shown for simplicity, although those skilled in the art will recognize that the subsequent IM communications may include any number of message transmissions.
  • In the example, the user of the mobile station enters text or other information for an IM message, and the device client encrypts that information using the AES key. At step S13, the mobile station sends the AES encrypted IM payload through the network 10 to the IM server 37. The network 10, including the aggregator 21, is transparent to this message. Although the message is routed through the aggregator, for security, the aggregator 21 does not decrypt the message. The IM server 37 at the enterprise passes the IM payload to the appropriate device client in the enterprise community (step S14). Depending on how the enterprise implements its IM communications, the server may decrypt the payload before communication to the device client, or the server may pass the payload on in encrypted form for decryption by the device client. The device client of the receiving party processes the message and presents the IM message to the user at the receiving end, in a normal manner.
  • The device client of that second party also offers that party a user interface for entering and sending a response. In the example, that user now enters text or other information for an IM message, and the device client sends that responsive IM message payload back to the server 37 via the enterprise network facilities (step S15). The payload may be encrypted by the client. If not, the enterprise server 37 uses the appropriate AES key to encrypt the payload and sends the payload back to the gateway 29 at the aggregator 21. The aggregator forwards the payload through the appropriate gateway to the WDN network 13, which delivers it to the mobile station and thus to the mobile user's device client. Although the message at S16 is routed through the aggregator 21, for security, the aggregator does not decrypt the message. The device client in the mobile station decrypts the payload and presents the IM message to the user at the receiving end, in a normal manner.
  • As shown, the EIM service provides end-to-end message payload encryption. The actual EIM messages are encrypted at least between the mobile station and the enterprise IM server. Also, the key exchanges are encrypted. For example, the enterprise login credentials (username, password, and AES key) are encrypted from the mobile station to the enterprise IM server (see S8 and S9). The use of standard encryption methods such as RSA and AES/3DES within the call flows allows a simple method of ensuring that only authorized users can access the enterprise servers and that the messages will be encrypted by the strongest possible means. The messages cannot be decrypted unless the keys are previously known. This ensures that anyone who attempts to access the messages from the wireless environment cannot decrypt the messages or the login credentials of the enterprise community.
  • As noted earlier, the aggregator 21 for the EIM service also supports service provisioning in the wireless network 10. It may be helpful at this point to consider an example of a call flow, in which the user can self-provision the mobile device client for the EIM service through the network 10, as outlined in the signal flow diagram of FIG. 3.
  • In a manner similar to the earlier example, assume communication begins after the user has activated the appropriate IM communication client application on the user's mobile station 15 or 17. The device client application provides an appropriate display, and in response, the user inputs the user's email address and password into the client application. The email address is used as a username. In response, the device client sends a log-in request to the aggregator 21 (at step S21), as in step S1 in the example of FIG. 2. The request message from the device client will include information about the mobile station as well as the user, for example, the mobile directory number (MDN) assigned to the particular mobile station 15 or 17 as well as the username (email address) and password.
  • The aggregator 21 again will attempt to validate the wireless device to ensure that the mobile station 15 or 17 that is accessing the service is authorized to do so. To perform the validation, the service control 27 uses information from the login request to formulate an authorization query; and at step S22, the service control 27 in the aggregator 21 sends this authorization query to the element 41 that performs the carrier's service authorization function. The carrier's service/feature authorization element uses the MDN to look-up a service profile for the particular mobile station, and it uses the feature code to determine whether or not the profile shows that the particular mobile station is authorized to access the EIM service via the network 10 (step S23). In this second example, assume however that the validation at S3 is unsuccessful because the mobile station is not yet provisioned to receive the EIM service through the network 10.
  • Based on the result of the authorization determination at S23, the carrier's service/feature authorization element 41 will respond to the initial query message (from step S22). However, in this example, since the mobile station is not yet authorized to use the EIM service, the authorization element sends back a message (at S24) informing the service control 27 in the aggregator that the MDN (and thus the particular mobile station) is not provisioned for the EIM service. Hence, at S25, service control 27 in the aggregator 21 sends a message back to the device client requesting that the user sign-up for the EIM service/feature on-line, and the device client causes the mobile station to present the message to the user. Assuming that the user agrees to sign-up for the service, the user inputs appropriate information, and the device client causes the mobile station to initiate a service request transmission in step S26, which the aggregator 21 routes to the carrier's provisioning gateway (gateway 45 in FIG. 1) in step S27. The gateway provides an interface to other provisioning element(s) 47 for interaction with the user (S28) to activate the service with respect to the user and the user's mobile station. Although not separately shown, when completed, the provisioning system may enter the EIM feature code in the user/mobile station profile in the element 41 performing the carrier's service/feature authorization. Provisioning data also may be downloaded into the mobile station. When the provisioning activity with the user is successfully completed, the gateway sends a message indicating successful completion back to the aggregator in step S29, and the aggregator 21 routes that message through to the device client on the user's mobile station in step S30.
  • Once successfully provisioned, the user can now access the EIM service via the network 11. Hence, the further communications involve another user login attempt starting with steps S1-S3 and continuing with the additional steps discussed above relative to FIG. 2.
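  • The login decision that the two call flows describe (FIG. 2 steps S1-S5 and FIG. 3 steps S21-S25) can be sketched as follows. This is an added example, not code from the patent or the carrier; the class names, the feature code value "EIM", the MDNs, the domains and the server address are all constructed for illustration.

```python
"""Added example: login decision of a service control element (constructed data)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

EIM_FEATURE_CODE = "EIM"  # assumption: the page names a feature code but gives no value


@dataclass(frozen=True)
class LoginRequest:
    mdn: str        # mobile directory number of the requesting station
    username: str   # email address, used as the username
    password: str   # carried in the request; checked by element 41 / the IM server


@dataclass(frozen=True)
class Decision:
    action: str                   # FORWARD_AUTH_QUERY | PROMPT_PROVISIONING | REJECT
    detail: Optional[str] = None  # server address, MDN, or rejection reason


class AuthorizationElement:
    """Stand-in for the service/feature authorization element: MDN -> feature codes."""

    def __init__(self, profiles: Dict[str, Iterable[str]]):
        self._profiles = {mdn: set(codes) for mdn, codes in profiles.items()}

    def is_authorized(self, mdn: str, feature_code: str) -> bool:
        return feature_code in self._profiles.get(mdn, set())

    def provision(self, mdn: str, feature_code: str) -> None:
        # Models the provisioning system entering the feature code in the profile.
        self._profiles.setdefault(mdn, set()).add(feature_code)


def enterprise_domain(username: str) -> Optional[str]:
    """Return the normalised domain of an email-style username, or None if malformed."""
    if any(ch.isspace() or not ch.isprintable() for ch in username):
        return None
    local, sep, domain = username.partition("@")
    if not sep or "@" in domain or not local:
        return None  # no '@', more than one '@', or empty local part
    domain = domain.lower()
    if domain.endswith("."):
        domain = domain[:-1]  # treat a fully qualified trailing dot as equivalent
    return domain or None


class ServiceControl:
    """Decides what happens to a login request before anything reaches an enterprise."""

    def __init__(self, authz: AuthorizationElement, enterprise_servers: Dict[str, str]):
        self._authz = authz
        # Exact-match routing table; suffix or substring matching would let a
        # look-alike domain select another enterprise's IM server.
        self._servers = {d.lower(): addr for d, addr in enterprise_servers.items()}

    def handle_login(self, req: LoginRequest) -> Decision:
        domain = enterprise_domain(req.username)
        if domain is None:
            return Decision("REJECT", "malformed username")
        server = self._servers.get(domain)
        if server is None:
            return Decision("REJECT", "domain not served")
        # Authorization query by MDN and feature code (S2-S4 / S22-S24).
        if not self._authz.is_authorized(req.mdn, EIM_FEATURE_CODE):
            return Decision("PROMPT_PROVISIONING", req.mdn)  # S25
        return Decision("FORWARD_AUTH_QUERY", server)        # S5


if __name__ == "__main__":
    authz = AuthorizationElement({"5550100001": [EIM_FEATURE_CODE]})
    control = ServiceControl(authz, {"corp.example": "im.corp.example"})
    for request in (
        LoginRequest("5550100001", "alice@Corp.Example", "pw"),
        LoginRequest("5550100002", "bob@corp.example", "pw"),
        LoginRequest("5550100001", "alice@corp.example.other.test", "pw"),
    ):
        print(request.username, "->", control.handle_login(request))
```

The order of the domain check and the MDN check is a choice made in this sketch; the description only says the authorization step may also confirm the domain.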
  • The aggregator and the associated techniques described herein can be used for other services that require a secure messaging environment with a limited user access.
  • While the foregoing has described what are considered to be the best mode and/or other examples, it is understood that various modifications may be made therein and that the subject matter disclosed herein may be implemented in various forms and examples, and that the teachings may be applied in numerous applications, only some of which have been described herein. It is intended by the following claims to claim any and all applications, modifications and variations that fall within the true scope of the present teachings.
  • APPENDIX: ACRONYM LIST
  • The description above has used a large number of acronyms to refer to various services, messages and system components. Although generally known, use of several of these acronyms is not strictly standardized in the art. For the convenience of the reader, the following list correlates terms to acronyms, as used in the detailed description above.
  • 3DES (or TDES)—Triple Data Encryption Algorithm
  • 3GPP2—3rd Generation Partnership Project 2
  • AAA—Authentication, Authorization and Accounting
  • AES—Advanced Encryption Standard
  • BREW—Binary Runtime Environment for Wireless
  • CSP—Client Server Protocol
  • EDR—Electronic Data Reporting
  • EIM—Enterprise Instant Messaging
  • EVDO—Evolution Data Optimized
  • GSM—Global System for Mobile
  • IM—Instant Messaging
  • IP—Internet Protocol
  • LCS—Live Communications Server
  • MDN—Mobile Directory Number
  • PDA—Personal Digital Assistant
  • RSA—Rivest, Shamir and Adleman encryption
  • SMS—Short Message Service
  • TDMA—Time Division Multiple Access
  • VPN—Virtual Private Network
  • WDN—Wireless Data Network

Claims (9)

1-15. (canceled)
16. A method of providing enterprise instant messaging (IM) service for a mobile station through a mobile wireless communication network, the method comprising:
receiving a request for enterprise service from the mobile station, in an IM service control element of the mobile wireless communication network;
determining whether the mobile station is authorized to utilize the enterprise IM service through the mobile communication network;
in response to a determination that the mobile station is authorized to utilize the enterprise IM service through the mobile communication network, encrypting and forwarding login information of a user of the mobile station to an IM server of one of a plurality of enterprise communities served through the mobile wireless communication network for enterprise validation of user authentication;
receiving an indication of successful validation of the user of the mobile station from the IM server, and in response, providing a key of the IM service control element of the mobile wireless communication network to the mobile station for use in encrypted communication of a security key of the mobile station through the mobile wireless communication network to the IM server as part of a login of the mobile station with the IM server; and
transporting encrypted communications of IM messages through the mobile wireless communication network at least between the mobile station and the IM server, wherein at least one of the communications of IM messages is encrypted with the security key of the mobile station.
17. The method of claim 16, wherein:
the security key is a security key of the mobile station for encryption in accord with a first encryption algorithm;
the encrypting of the login information uses a public security key for the first encryption algorithm associated with the IM server; and
the providing of the key to the mobile station involves encrypting the key in accord with a second encryption algorithm.
18. The method of claim 17, wherein:
the second encryption algorithm implements Rivest, Shamir and Adleman (RSA) encryption; and
the first encryption algorithm implements Advanced Encryption Standard encryption or encryption in accord with a Triple Data Encryption Algorithm.
19. The method of claim 16, wherein:
the received request includes a username for the user of the mobile station; and
forwarding of the login information of the user comprises identifying the one enterprise community with which the username is associated.
20. The method of claim 19, wherein:
the username comprises an email address for the user of the mobile station; and
the one enterprise community is identified by a domain name portion of the email address for the user.
21. The method of claim 19, further comprising:
receiving another request for enterprise service from another mobile station, in the IM service control element of the mobile wireless communication network;
determining whether or not the other mobile station is authorized to utilize the enterprise IM service through the mobile communication network; and
in response to a determination that the other mobile station is not authorized to utilize the enterprise IM service through the mobile communication network, sending a message through the mobile communication network to the other mobile station to initiate provisioning of the other mobile station for enterprise IM service through the mobile communication network.
22. A method of providing enterprise instant messaging (IM) service for a mobile station through a mobile wireless communication network, the method comprising:
receiving a first request for enterprise service from the mobile station, in an IM service control element of the mobile wireless communication network;
determining whether or not the mobile station is authorized to utilize the enterprise IM service through the mobile communication network;
in response to a determination that the mobile station is not authorized to utilize the enterprise IM service through the mobile communication network, initiating a communication between the mobile station and a provisioning system of the carrier providing the IM service through the mobile wireless communication network, to provision the mobile station for enterprise IM service through the mobile communication network; and
after successful completion of communication to provision the mobile station for enterprise IM service, establishing a two-way encrypted secure communication link through the mobile communication network, between an IM server of an identified one of a plurality of enterprise IM communities served by the network and the mobile station for exchange of encrypted IM message payload data.
23. The method of claim 22, wherein the establishing of the two-way encrypted secure communication comprises:
receiving a second request for enterprise service from the mobile station, in the IM service control element of the mobile wireless communication network;
checking whether or not the mobile station is authorized to utilize the enterprise IM service through the mobile communication network; and
upon determining that the mobile station is authorized to utilize the enterprise IM service through the mobile communication network, establishing the two-way encrypted secure communication link through the mobile communication network, between the IM server of the identified enterprise IM community and the mobile station for the exchange of the encrypted IM message payload data.
US12/907,466 2006-10-30 2010-10-19 Enterprise instant message aggregator Expired - Fee Related US8032165B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/907,466 US8032165B2 (en) 2006-10-30 2010-10-19 Enterprise instant message aggregator

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/589,309 US7890084B1 (en) 2006-10-30 2006-10-30 Enterprise instant message aggregator
US12/907,466 US8032165B2 (en) 2006-10-30 2010-10-19 Enterprise instant message aggregator

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/589,309 Division US7890084B1 (en) 2006-10-30 2006-10-30 Enterprise instant message aggregator

Publications (2)

Publication Number Publication Date
US20110035591A1 (en) 2011-02-10
US8032165B2 (en) 2011-10-04

Family

ID=43535687

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/589,309 Expired - Fee Related US7890084B1 (en) 2006-10-30 2006-10-30 Enterprise instant message aggregator
US12/907,466 Expired - Fee Related US8032165B2 (en) 2006-10-30 2010-10-19 Enterprise instant message aggregator

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US11/589,309 Expired - Fee Related US7890084B1 (en) 2006-10-30 2006-10-30 Enterprise instant message aggregator

Country Status (1)

Country Link
US (2) US7890084B1 (en)

Families Citing this family (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7890096B2 (en) 2006-03-02 2011-02-15 Tango Networks, Inc. System and method for enabling call originations using SMS and hotline capabilities
US8023479B2 (en) * 2006-03-02 2011-09-20 Tango Networks, Inc. Mobile application gateway for connecting devices on a cellular network with individual enterprise and data networks
US7903635B2 (en) 2006-03-02 2011-03-08 Tango Networks, Inc. System and method for enabling DTMF detection in a VoIP network
US11405846B2 (en) 2006-03-02 2022-08-02 Tango Networks, Inc. Call flow system and method for use in a legacy telecommunication system
US8924543B2 (en) 2009-01-28 2014-12-30 Headwater Partners I Llc Service design center for device assisted services
US8635335B2 (en) 2009-01-28 2014-01-21 Headwater Partners I Llc System and method for wireless network offloading
US8924469B2 (en) 2008-06-05 2014-12-30 Headwater Partners I Llc Enterprise access control and accounting allocation for access networks
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US8275830B2 (en) 2009-01-28 2012-09-25 Headwater Partners I Llc Device assisted CDR creation, aggregation, mediation and billing
US8898293B2 (en) 2009-01-28 2014-11-25 Headwater Partners I Llc Service offer set publishing to device agent with on-device service selection
US8725123B2 (en) 2008-06-05 2014-05-13 Headwater Partners I Llc Communications device with secure data path processing agents
US8402111B2 (en) 2009-01-28 2013-03-19 Headwater Partners I, Llc Device assisted services install
US8626115B2 (en) 2009-01-28 2014-01-07 Headwater Partners I Llc Wireless network service interfaces
US8346225B2 (en) 2009-01-28 2013-01-01 Headwater Partners I, Llc Quality of service for device assisted services
US8391834B2 (en) 2009-01-28 2013-03-05 Headwater Partners I Llc Security techniques for device assisted services
US8340634B2 (en) 2009-01-28 2012-12-25 Headwater Partners I, Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US8589541B2 (en) 2009-01-28 2013-11-19 Headwater Partners I Llc Device-assisted services for protecting network capacity
US8406748B2 (en) 2009-01-28 2013-03-26 Headwater Partners I Llc Adaptive ambient services
US8331901B2 (en) 2009-01-28 2012-12-11 Headwater Partners I, Llc Device assisted ambient services
US8548428B2 (en) 2009-01-28 2013-10-01 Headwater Partners I Llc Device group partitions and settlement platform
US9454737B2 (en) * 2008-08-29 2016-09-27 International Business Machines Corporation Solution that leverages an instant messaging system to manage ad hoc business process workflows
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US8351898B2 (en) 2009-01-28 2013-01-08 Headwater Partners I Llc Verifiable device assisted service usage billing with integrated accounting, mediation accounting, and multi-account
US9270559B2 (en) 2009-01-28 2016-02-23 Headwater Partners I Llc Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow
US9572019B2 (en) 2009-01-28 2017-02-14 Headwater Partners LLC Service selection set published to device agent with on-device service selection
US9578182B2 (en) 2009-01-28 2017-02-21 Headwater Partners I Llc Mobile device and service management
US9392462B2 (en) 2009-01-28 2016-07-12 Headwater Partners I Llc Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US10057775B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Virtualized policy and charging system
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US10064055B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US9647918B2 (en) 2009-01-28 2017-05-09 Headwater Research Llc Mobile device and method attributing media services network usage to requesting application
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US9565707B2 (en) 2009-01-28 2017-02-07 Headwater Partners I Llc Wireless end-user device with wireless data attribution to multiple personas
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9557889B2 (en) 2009-01-28 2017-01-31 Headwater Partners I Llc Service plan design, user interfaces, application programming interfaces, and device management
US9755842B2 (en) 2009-01-28 2017-09-05 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US8793758B2 (en) 2009-01-28 2014-07-29 Headwater Partners I Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10264138B2 (en) 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US8893009B2 (en) 2009-01-28 2014-11-18 Headwater Partners I Llc End user device that secures an association of application to service policy with an application certificate check
US9253663B2 (en) 2009-01-28 2016-02-02 Headwater Partners I Llc Controlling mobile device communications on a roaming network based on device state
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US10484858B2 (en) 2009-01-28 2019-11-19 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US8745191B2 (en) 2009-01-28 2014-06-03 Headwater Partners I Llc System and method for providing user notifications
US10326800B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US8606911B2 (en) 2009-03-02 2013-12-10 Headwater Partners I Llc Flow tagging for service policy implementation
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US9571559B2 (en) 2009-01-28 2017-02-14 Headwater Partners I Llc Enhanced curfew and protection associated with a device group
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US9858559B2 (en) 2009-01-28 2018-01-02 Headwater Research Llc Network service plan design
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US9351193B2 (en) 2009-01-28 2016-05-24 Headwater Partners I Llc Intermediate networking devices
US9154826B2 (en) 2011-04-06 2015-10-06 Headwater Partners Ii Llc Distributing content and service launch objects to mobile devices
US9998919B1 (en) 2011-11-18 2018-06-12 Google Llc SMS spoofing protection
US9887872B2 (en) * 2012-07-13 2018-02-06 Microsoft Technology Licensing, Llc Hybrid application environments including hosted applications and application servers for interacting with data in enterprise environments
US9438598B2 (en) 2013-02-15 2016-09-06 Verizon Patent And Licensing Inc. Securely updating information identifying services accessible via keys
US9154482B2 (en) * 2013-02-15 2015-10-06 Verizon Patent And Licensing Inc. Secure access credential updating
WO2014159862A1 (en) 2013-03-14 2014-10-02 Headwater Partners I Llc Automated credential porting for mobile devices
WO2016160957A1 (en) 2015-03-31 2016-10-06 Donaldson Willie L Secure dynamic address resolution and communication system, method, and device
US10110580B2 (en) * 2015-03-31 2018-10-23 Willie L. Donaldson Secure dynamic address resolution and communication system, method, and device
US10616177B2 (en) 2015-03-31 2020-04-07 Willie L. Donaldson Secure dynamic address resolution and communication system, method, and device
US10523537B2 (en) 2015-06-30 2019-12-31 Amazon Technologies, Inc. Device state management
US9973593B2 (en) * 2015-06-30 2018-05-15 Amazon Technologies, Inc. Device gateway
US10958648B2 (en) 2015-06-30 2021-03-23 Amazon Technologies, Inc. Device communication environment
US10075422B2 (en) 2015-06-30 2018-09-11 Amazon Technologies, Inc. Device communication environment
US10091329B2 (en) 2015-06-30 2018-10-02 Amazon Technologies, Inc. Device gateway
US11341218B2 (en) * 2019-01-25 2022-05-24 V440 Spólka Akcyjna Messaging application and electronic communications device providing messaging interface for messaging application
US11438177B2 (en) * 2020-02-28 2022-09-06 Vmware, Inc. Secure distribution of cryptographic certificates

Citations (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020128036A1 (en) * 2001-03-09 2002-09-12 Yach David P. Advanced voice and data operations in a mobile data communication device
US20030105812A1 (en) * 2001-08-09 2003-06-05 Gigamedia Access Corporation Hybrid system architecture for secure peer-to-peer-communications
US20030130960A1 (en) * 2001-11-28 2003-07-10 Fraser John D. Bridging service for security validation within enterprises
US20030204741A1 (en) * 2002-04-26 2003-10-30 Isadore Schoen Secure PKI proxy and method for instant messaging clients
US20040088546A1 (en) * 2002-11-06 2004-05-06 Imlogic, Inc System and method for add-on services, secondary authentication, authorization and/or secure communication for dialog based protocols and systems
US20040117656A1 (en) * 2002-12-17 2004-06-17 Sierra Wireless, Inc. A Canadian Corp. Enterprise access configuration
US20040162076A1 (en) * 2003-02-14 2004-08-19 Atul Chowdry System and method for simplified secure universal access and control of remote networked electronic resources for the purposes of assigning and coordinationg complex electronic tasks
US20040172531A1 (en) * 2002-12-09 2004-09-02 Little Herbert A. System and method of secure authentication information distribution
US20040198331A1 (en) * 2003-04-02 2004-10-07 Sun Microsystems, Inc. System and method for advanced service interaction
US6856804B1 (en) * 2000-07-24 2005-02-15 Verizon Wireless Mobile station internet messaging
US20050048958A1 (en) * 2001-03-09 2005-03-03 Gary Mousseau Advanced voice and data operations in a mobile data communication device
US20050114652A1 (en) * 2003-11-26 2005-05-26 Totemo Ag End-to-end encryption method and system for emails
US20050154876A1 (en) * 2003-08-25 2005-07-14 Adrian Buckley System and method for securing wireless data
US20060009243A1 (en) * 2004-07-07 2006-01-12 At&T Wireless Services, Inc. Always-on mobile instant messaging of a messaging centric wireless device
US7120455B1 (en) * 2004-05-20 2006-10-10 Cellco Partnership Method and system for mobile instant messaging using multiple interfaces
US20070094337A1 (en) * 2005-10-21 2007-04-26 Klassen Gerhard D Instant messaging device/server protocol
US7240836B2 (en) * 2004-04-23 2007-07-10 Virtual Fonlink, Inc. Enhanced system and method for wireless transactions
US20070162554A1 (en) * 2006-01-12 2007-07-12 International Business Machines Corporation Generating a public key and a private key in an instant messaging server
US20070174399A1 (en) * 2006-01-26 2007-07-26 Ogle David M Offline IM chat to avoid server connections
US7328046B2 (en) * 2001-02-22 2008-02-05 Nokia Corporation Communication system
US20080069315A1 (en) * 2002-06-04 2008-03-20 Hitachi, Ltd. Communication system and communication method
US20080085728A1 (en) * 2006-10-05 2008-04-10 Verizon Services Corp. Short message service (sms) data transfer
US7403972B1 (en) * 2002-04-24 2008-07-22 Ip Venture, Inc. Method and system for enhanced messaging
US20080176541A1 (en) * 2004-07-15 2008-07-24 At&T Mobility Ii Llc Customer Service Messaging, Such As on Mobile Devices
US20090005040A1 (en) * 2004-02-09 2009-01-01 Proxpro, Inc. Method and computer system for matching mobile device users for business and social networking
US7673004B1 (en) * 2004-08-31 2010-03-02 Face Time Communications, Inc. Method and apparatus for secure IM communications using an IM module

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9628449B1 (en) 2012-07-16 2017-04-18 Wickr Inc. Multi party messaging
US9876772B1 (en) 2012-07-16 2018-01-23 Wickr Inc. Encrypting and transmitting data
US9584316B1 (en) 2012-07-16 2017-02-28 Wickr Inc. Digital security bubble
US9729315B2 (en) 2012-07-16 2017-08-08 Wickr Inc. Initialization and registration of an application
US9667417B1 (en) 2012-07-16 2017-05-30 Wickr Inc. Digital security bubble
US10567349B2 (en) 2013-06-25 2020-02-18 Wickr Inc. Secure time-to-live
US10129260B1 (en) 2013-06-25 2018-11-13 Wickr Inc. Mutual privacy management
US9866591B1 (en) 2013-06-25 2018-01-09 Wickr Inc. Enterprise messaging platform
US9830089B1 (en) 2013-06-25 2017-11-28 Wickr Inc. Digital data sanitization
US10382197B1 (en) 2014-02-24 2019-08-13 Wickr Inc. Key management and dynamic perfect forward secrecy
US10396982B1 (en) 2014-02-24 2019-08-27 Wickr Inc. Key management and dynamic perfect forward secrecy
US9698976B1 (en) 2014-02-24 2017-07-04 Wickr Inc. Key management and dynamic perfect forward secrecy
US9473534B2 (en) * 2014-06-02 2016-10-18 Blackberry Limited System and method for switching between messaging security policies
US20150350250A1 (en) * 2014-06-02 2015-12-03 Blackberry Limited System and Method for Switching Between Messaging Security Policies
US9584530B1 (en) 2014-06-27 2017-02-28 Wickr Inc. In-band identity verification and man-in-the-middle defense
US9654288B1 (en) 2014-12-11 2017-05-16 Wickr Inc. Securing group communications
US9832208B1 (en) * 2014-12-23 2017-11-28 Erasable, LLC System and methods of providing secure messaging environment
TWI649703B (en) * 2015-03-03 2019-02-01 遠傳電信股份有限公司 Enterprise mobility messaging assistant
US20170063876A1 (en) * 2015-08-24 2017-03-02 Cyberlink Corp. Systems and methods for protecting messages utilizing a hidden restriction mechanism
US10419444B2 (en) * 2015-08-24 2019-09-17 Cyberlink Corp. Systems and methods for protecting messages utilizing a hidden restriction mechanism
US9673973B1 (en) 2015-12-18 2017-06-06 Wickr Inc. Decentralized authoritative messaging
US9590956B1 (en) 2015-12-18 2017-03-07 Wickr Inc. Decentralized authoritative messaging
US9584493B1 (en) 2015-12-18 2017-02-28 Wickr Inc. Decentralized authoritative messaging
US10291607B1 (en) 2016-02-02 2019-05-14 Wickr Inc. Providing real-time events to applications
US9602477B1 (en) 2016-04-14 2017-03-21 Wickr Inc. Secure file transfer
US9590958B1 (en) 2016-04-14 2017-03-07 Wickr Inc. Secure file transfer
US9596079B1 (en) 2016-04-14 2017-03-14 Wickr Inc. Secure telecommunications
US9591479B1 (en) 2016-04-14 2017-03-07 Wickr Inc. Secure telecommunications
US11362811B2 (en) 2016-04-14 2022-06-14 Amazon Technologies, Inc. Secure telecommunications
US11405370B1 (en) 2016-04-14 2022-08-02 Amazon Technologies, Inc. Secure file transfer
US11240368B2 (en) * 2016-11-29 2022-02-01 Samsung Electronics Co., Ltd. Message processing method and electronic device implementing same
US11330003B1 (en) 2017-11-14 2022-05-10 Amazon Technologies, Inc. Enterprise messaging platform
WO2021216906A1 (en) * 2020-04-22 2021-10-28 Celona, Inc. Geo fencing enterprise network with macro pilot signature

Also Published As

Publication number Publication date
US8032165B2 (en) 2011-10-04
US7890084B1 (en) 2011-02-15

Legal Events

Date Code Title Description
ZAAA Notice of allowance and fees due

Free format text: ORIGINAL CODE: NOA

ZAAB Notice of allowance mailed

Free format text: ORIGINAL CODE: MN/=.

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: CELLCO PARTNERSHIP D/B/A VERIZON WIRELESS, NEW JER

Free format text: NUNC PRO TUNC ASSIGNMENT;ASSIGNORS:DUDZIAK, THADDEUS JUDE;PATEL, BIREN;KUPSH, JERRY;REEL/FRAME:027324/0912

Effective date: 20080818

Owner name: CELLCO PARTNERSHIP (D/B/A VERIZON WIRELESS), NEW J

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DUDZIAK, THADDEUS JUDE;PATEL, BIREN;KUPSH, JERRY;REEL/FRAME:027324/0880

Effective date: 20061218

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20231004